asyncrat | e91997ede0af6498cdec211340fc59fcb814a9bbaf47115149d1e17126b8088a | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

25a499f71d...1e.exe

windows7-x64

25a499f71d...1e.exe

windows10-2004-x64

Sharing

General

Target

25a499f71d8652bf3f9800057412e31e
Size

2.7MB
Sample

231225-rtnqfshhej
MD5

25a499f71d8652bf3f9800057412e31e
SHA1

b74b638471e2dafec4d98d3e790920be500b3318
SHA256

e91997ede0af6498cdec211340fc59fcb814a9bbaf47115149d1e17126b8088a
SHA512

4911f395a3d2f296344dcd5869c65b3ad9e10bb749a9e0cb6cd4ff96ee643555a8c0a99258cc4123ba81dc1ec969d2caf3b2152eb123a34bbc8bfbeaa5ee0b0a
SSDEEP

24576:c4abEjzQIEjzQIEjzQIEjzQIEjzQIEjzQIEjzQIEjzQIEjzQ9EjzQIEjzQ911EjR:YccccccccxcZ/cccc1goPBy

Score

10^/10

asyncrat default rat

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

25a499f71d8652bf3f9800057412e31e.exe

Resource

win7-20231215-en

asyncrat default rat

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

25a499f71d8652bf3f9800057412e31e.exe

Resource

win10v2004-20231215-en

asyncrat default rat

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

asyncrat

Version

0.5.6D

Botnet

Default

C2

milla.publicvm.com:6606

milla.publicvm.com:7707

milla.publicvm.com:8808

Mutex

hzizmtfuyizxxugkf

Attributes

delay
8
install
true
install_file
mincrafte.exe
install_folder
%AppData%

aes.plain

Targets

- Target
  
  25a499f71d8652bf3f9800057412e31e
- Size
  
  2.7MB
- MD5
  
  25a499f71d8652bf3f9800057412e31e
- SHA1
  
  b74b638471e2dafec4d98d3e790920be500b3318
- SHA256
  
  e91997ede0af6498cdec211340fc59fcb814a9bbaf47115149d1e17126b8088a
- SHA512
  
  4911f395a3d2f296344dcd5869c65b3ad9e10bb749a9e0cb6cd4ff96ee643555a8c0a99258cc4123ba81dc1ec969d2caf3b2152eb123a34bbc8bfbeaa5ee0b0a
- SSDEEP
  
  24576:c4abEjzQIEjzQIEjzQIEjzQIEjzQIEjzQIEjzQIEjzQIEjzQ9EjzQIEjzQ911EjR:YccccccccxcZ/cccc1goPBy
Score

10^/10

asyncrat default rat
- AsyncRat
  AsyncRAT is designed to remotely monitor and control other computers written in C#.
  rat asyncrat
- Async RAT payload
  rat
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

asyncratdefaultrat

behavioral2

asyncratdefaultrat

© 2018-2025

Terms | Privacy